CREATE TABLE t1 (i INT);

SET debug_dbug="+d,test_completely_invisible,test_invisible_index";

CREATE TABLE t2 LIKE t1;

# Cleanup

SET debug_dbug= DEFAULT;

DROP TABLE t1, t2;

==8922==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f4268d3a750 at pc 0x55c9955068d7 bp 0x7f4268d382c0 sp 0x7f4268d382b8

WRITE of size 8 at 0x7f4268d3a750 thread T5

    #0 0x55c9955068d6 in base_list::push_back(void*, st_mem_root*) /data/src/10.3/sql/sql_list.h:179

    #1 0x55c99595bff0 in List<Key>::push_back(Key*, st_mem_root*) /data/src/10.3/sql/sql_list.h:487

    #2 0x55c99592760d in mysql_add_invisible_index(THD*, List<Key>*, st_mysql_const_lex_string*, Key::Keytype) /data/src/10.3/sql/sql_table.cc:3372

    #3 0x55c995927a07 in mysql_prepare_create_table /data/src/10.3/sql/sql_table.cc:3432

    #4 0x55c995930bce in mysql_create_frm_image(THD*, char const*, char const*, HA_CREATE_INFO*, Alter_info*, int, st_key**, unsigned int*, st_mysql_const_unsigned_lex_string*) /data/src/10.3/sql/sql_table.cc:4742

    #5 0x55c995932048 in create_table_impl /data/src/10.3/sql/sql_table.cc:4984

    #6 0x55c995932a72 in mysql_create_table_no_lock(THD*, char const*, char const*, Table_specification_st*, Alter_info*, bool*, int, TABLE_LIST*) /data/src/10.3/sql/sql_table.cc:5102

    #7 0x55c995936f89 in mysql_create_like_table(THD*, TABLE_LIST*, TABLE_LIST*, Table_specification_st*) /data/src/10.3/sql/sql_table.cc:5696

    #8 0x55c99572a7b9 in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:4239

    #9 0x55c995742791 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:7988

    #10 0x55c99571cfa4 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1826

    #11 0x55c99571a005 in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1370

    #12 0x55c995a91141 in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1401

    #13 0x55c995a90b56 in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1307

    #14 0x55c9965ceca2 in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1862

    #15 0x7f427523a493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)

    #16 0x7f427362093e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)

Address 0x7f4268d3a750 is located in stack of thread T5 at offset 64 in frame

    #0 0x55c9959327ea in mysql_create_table_no_lock(THD*, char const*, char const*, Table_specification_st*, Alter_info*, bool*, int, TABLE_LIST*) /data/src/10.3/sql/sql_table.cc:5075

  This frame has 4 object(s):

    [32, 36) 'not_used_2'

    [96, 104) 'not_used_1' <== Memory access at offset 64 underflows this variable

    [160, 176) 'frm'

    [224, 737) 'path'

HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext

      (longjmp and C++ exceptions *are* supported)

Thread T5 created by T0 here:

    #0 0x7f4275473bba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)

    #1 0x55c9965cf26a in spawn_thread_v1 /data/src/10.3/storage/perfschema/pfs.cc:1912

    #2 0x55c9954e417f in inline_mysql_thread_create /data/src/10.3/include/mysql/psi/mysql_thread.h:1268

    #3 0x55c9954f9cc1 in create_thread_to_handle_connection(CONNECT*) /data/src/10.3/sql/mysqld.cc:6518

    #4 0x55c9954fa3c6 in create_new_thread /data/src/10.3/sql/mysqld.cc:6588

    #5 0x55c9954fb3d7 in handle_connections_sockets() /data/src/10.3/sql/mysqld.cc:6863

    #6 0x55c9954f9179 in mysqld_main(int, char**) /data/src/10.3/sql/mysqld.cc:6138

    #7 0x55c9954e26af in main /data/src/10.3/sql/main.cc:25

    #8 0x7f42735582b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)

SUMMARY: AddressSanitizer: stack-buffer-overflow /data/src/10.3/sql/sql_list.h:179 base_list::push_back(void*, st_mem_root*)

Shadow bytes around the buggy address:

  0x0fe8cd19f490: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

  0x0fe8cd19f4a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

  0x0fe8cd19f4b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

  0x0fe8cd19f4c0: 00 00 f4 f4 00 00 00 00 00 00 00 00 00 00 00 00

  0x0fe8cd19f4d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

=>0x0fe8cd19f4e0: 00 00 f1 f1 f1 f1 04 f4 f4 f4[f2]f2 f2 f2 00 f4

  0x0fe8cd19f4f0: f4 f4 f2 f2 f2 f2 00 00 f4 f4 f2 f2 f2 f2 00 00

  0x0fe8cd19f500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

  0x0fe8cd19f510: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

  0x0fe8cd19f520: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

  0x0fe8cd19f530: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 f4

Shadow byte legend (one shadow byte represents 8 application bytes):

  Addressable:           00

  Partially addressable: 01 02 03 04 05 06 07 

  Heap left redzone:       fa

  Heap right redzone:      fb

  Freed heap region:       fd

  Stack left redzone:      f1

  Stack mid redzone:       f2

  Stack right redzone:     f3

  Stack partial redzone:   f4

  Stack after return:      f5

  Stack use after scope:   f8

  Global redzone:          f9

  Global init order:       f6

  Poisoned by user:        f7

  Contiguous container OOB:fc

  ASan internal:           fe

==8922==ABORTING